Key Takeaways
- When creating an Elastic Compute Service (ECS) instance on Alibaba Cloud, it’s important to select a region geographically closer to the application users to reduce network latency, opt for a monthly subscription for cost-effectiveness, and use a clean official image for application installation.
- For deploying web applications, it’s recommended to use a sudo user for executing commands, keep the base image updated, and avoid installing unnecessary packages. Also, security should be prioritized by leaving no unused ports open in the security group of the ECS instance.
- ApsaraDB for RDS is recommended for database needs due to its speed and security optimization. It’s essential to choose the same region for the database instance and the ECS instance and ensure they are both in the same Virtual Private Cloud (VPC) for free intranet data transfer and increased security.
- Utilizing HTTPS is crucial for web application security, and Alibaba Cloud’s Direct Mail service is a cost-effective way to send emails from the application using Simple Mail Transfer Protocol (SMTP). The web-based installation process should follow best practices for database server configuration.
This article was originally published on Alibaba Cloud. Thank you for supporting the partners who make SitePoint possible.
In this article, I want to share the best practices I use when deploying a web application to Alibaba Cloud. I work as a freelancer, and recently one of my clients asked me to set up SuiteCRM for his small organization. Since I frequently write tutorials for Alibaba Cloud, I recommended that the client use the same cloud platform. For nearly 100 users and at least 30 concurrent users, here’s the configuration I recommended.
- ECS instance of 2 vCPUs and 4GB RAM to install Nginx with PHP-FPM.
- ApsaraDB for RDS instance for MySQL with 1GB core, 1 GB RAM, and 10 GB storage.
- Direct Mail for sending emails.
The steps I followed are very simple and can be adopted for nearly all PHP based applications.
If you are new to Alibaba Cloud, you can use this link to sign up to Alibaba Cloud. You will get new user credit worth US$300 for free, which you can use to try out different Alibaba Cloud products.
Creating an ECS Instance
Alibaba Cloud has documented nearly everything you will require to get started with the cloud platform. You can use the Getting Started Tutorials or the Tech Share Blog to learn how to start using Alibaba Cloud. You can find the most obvious steps in the Quick Start Guide, so let me walk you through the best practices to use when creating the ECS instance.
Log in to your Alibaba Cloud console and go to the Elastic Compute Service interface. You can easily create the instance by clicking the Create Instance button. Things to keep in mind are:
- Region: Since Alibaba Cloud has data centers all around the globe, always choose the region which is geographically closer to the users of the application. As the data center is closer to the user, the website will load very fast due to the low latency of the network. In my case, I chose the Mumbai region, as the organization was based in Mumbai itself.
- Billing Method: If you are planning to run the instance continuously, 24/7, you should always choose the monthly subscription, as it will cut down the price to less than half compared to Pay-As-You-Go. For example, the monthly subscription cost of a shared type ECS instance of 2 vCPUs and 4GB RAM is $23 USD, but the same instance in Pay-As-You-Go costs $0.103 USD per hour. The monthly cost then becomes $0.103 × 24 × 30 = $74.16 USD.
- Instance Type: Choose the instance type according to your requirements. Resources can be increased later on demand.
- Image: You may find the application you wish to install on your ECS instance on a Marketplace image but it is always recommended to install it yourself in a clean official image. Later, if your application encounters some error, you will know where to look.
- Storage: System disks are deleted when the ECS instance is released. Use a data disk when possible, as it will be retained even if the instance is accidentally deleted.
Here’s the configuration I used.
You can choose the VPC which is created by default. You can add as many as 4092 instances in it. I use a different security group for each ECS instance so that I can configure each one individually and make sure that no unused port is opened.
Another important thing is to use key-based authentication rather than using passwords. If you already have a key pair, you can add the public key to Alibaba Cloud. If not, you can use Alibaba Cloud to create one. Make sure that the key is stored in a very secure place, and that the key itself is encrypted with a passphrase.
That’s all the things to keep in mind while creating the ECS instance.
Setting Up the ECS Instance
Once you have created your instance and logged into the terminal, there are a few things I suggest you consider before you set up your website.
- Rather than using the root account for executing commands, set up a sudo user on the first connection and always use the sudo user for running commands. You can also set up key-based authentication for the sudo user, and disable root login entirely.
- Always keep your base image updated.
- Alibaba base images do not include any packages that are not required. Do not install any package that’s not required.
- If things go bad during installation, you can always reset the instance by changing the system disk. You don’t need to delete the instance and recreate it.
I created the sudo user and configured key-based auth for it. I updated the base image and set up unattended system upgrades. I followed a tutorial to install the Nginx web server, which is a lightweight production-grade web server. Further, I installed PHP 7.2 with PHP-FPM. PHP 7.2 is the latest available version of PHP as of now. Using the latest software will ensure that the system is free from all the bugs, and we will also get faster processing and more stability. Finally, I downloaded the SuiteCRM archive from its official website and deployed the files into Nginx.
You can use the getting started tutorials or the tutorials written by Tech Share authors to install the applications.
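To check the sudo-user and root-login advice above on a running instance, the following added example (not part of the original article) audits the global part of an `sshd_config`. The sample file and the `deploy` user are constructed, and the required values are this example's reading of the article's advice.

```python
# Settings matching the article's advice: no root login, keys not passwords.
REQUIRED = {"permitrootlogin": "no",
            "passwordauthentication": "no",
            "pubkeyauthentication": "yes"}
# Upstream OpenSSH defaults, used when a keyword is absent from the file.
DEFAULTS = {"permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes",
            "pubkeyauthentication": "yes"}

# Constructed sample, not taken from a real host; "deploy" is hypothetical.
SAMPLE_CONFIG = """\
Port 22
PermitRootLogin no
PasswordAuthentication yes
PermitRootLogin yes
Match User deploy
    PasswordAuthentication no
"""

def global_settings(text):
    """Global sshd settings: keywords are case-insensitive and the first
    value seen wins. Parsing stops at the first Match block, whose lines
    apply only conditionally. Include directives are not followed."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().lower()
        if key == "match":
            break
        settings.setdefault(key, value)
    return settings

def audit_sshd(text):
    """Return {keyword: (actual, expected)} for every setting that is off."""
    actual = {**DEFAULTS, **global_settings(text)}
    return {k: (actual[k], want)
            for k, want in REQUIRED.items() if actual[k] != want}

if __name__ == "__main__":
    for key, (got, want) in audit_sshd(SAMPLE_CONFIG).items():
        print(f"{key}: is '{got}', expected '{want}'")
```

On a live host, `sudo sshd -T` prints the effective configuration, including any included files, and is the authoritative check.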
Configuring Security Group Rules
It is very important to leave no unused port open in the security group of the ECS instance. Have a look at the security group rules I used for the SuiteCRM instance.
You can see that I have allowed only the ports 22, 80 and 443 along with all ICMP packets. Port 22 is used for SSH connection. Port 80 is the unsecured HTTP port, which in my case just redirects to the port 443 on HTTPS. ICMP packets are used to ping the host to check if it is alive or not. It’s perfectly okay if you want to drop the ICMP packets as well — you just won’t be able to ping your instance.
Creating the RDS Instance
The first question to ask before we create the RDS instance is why exactly we need it. We could install any open source database server such as MySQL, MariaDB, PostgreSQL or MongoDB server on the ECS instance itself.
The answer to the question is that ApsaraDB for RDS is optimized for speed and security. By default, the instance we create is accessible only to whitelisted instances.
Let’s look at the things to keep in mind when we create the RDS instance.
- Region: Always choose the same region for the database instance and the ECS instance. Also, make sure that they both are in the same VPC. This will enable you to leverage the free intranet data transfer between the hosts in the same network. Another advantage is that you will need to whitelist only the private IP address of the ECS instance. This increases the security of the database to a great extent.
- Billing: Again, the cost of monthly subscription is less than that of the Pay-As-You-Go method. Choose according to your needs.
- Capacity: You can start with a low-end configuration such as 1 Core, 1 GB instance, and 5 GB storage. Later on you can increase resources.
- Accounts: Never create the Master account for the MySQL 5.6 instance unless required. You can create a database and a database user for each database.
Here’s the RDS configuration I used for SuiteCRM.
Once the MySQL RDS instance was activated, I whitelisted the ECS instance from the Security tab of the instance. As soon as I whitelisted the IP address, I got the hostname of the RDS instance along with the port number, which was the MySQL default port “3306”. I created a database named “suitecrm” and a database user named “suitecrm” and provided read/write access to the user.
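The whitelist rule from this section (only the private IP address of the ECS instance) can be verified with a short script. This is an added example, not part of the original article; the addresses are constructed, and the comma-separated input format is an assumption about how the whitelist is exported.

```python
import ipaddress

# RFC 1918 ranges: where a VPC-private ECS address lives (IPv4 only here).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample values, not from the article.
SAMPLE_WHITELIST = "172.16.4.21, 10.0.0.0/8, 0.0.0.0/0"
SAMPLE_ECS_IP = "172.16.4.21"

def audit_whitelist(whitelist, ecs_private_ip):
    """Check a comma-separated RDS IP whitelist against the rule that only
    the private address of the ECS instance should be present.
    Returns a list of (entry, problem) tuples; an empty list passes."""
    ecs = ipaddress.ip_address(ecs_private_ip)
    findings, covered = [], False
    for entry in (e.strip() for e in whitelist.split(",")):
        if not entry:
            continue
        net = ipaddress.ip_network(entry, strict=False)
        if not any(net.subnet_of(r) for r in RFC1918):
            problem = "not a private address"
        elif net.num_addresses > 1:
            problem = "wider than a single host"
        elif ecs not in net:
            problem = "not the ECS instance"
        else:
            covered = True
            continue
        findings.append((entry, problem))
    if not covered:
        findings.append((ecs_private_ip, "ECS address missing"))
    return findings

if __name__ == "__main__":
    for entry, problem in audit_whitelist(SAMPLE_WHITELIST, SAMPLE_ECS_IP):
        print(f"{entry}: {problem}")
```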
Using HTTPS
As the internet grows, more and more websites are being added on a daily basis. When the Let’s Encrypt certificate authority started giving out SSL certificates for free, it became a trend to use SSL on every website. For the purpose of security, it is very important to use SSL on a web application. If the data being exchanged is unencrypted, a person eavesdropping on the network may extract confidential information.
Alibaba Cloud also provides SSL certificates, but from my point of view, they are quite expensive. However, with expensive things come extra guarantees. SSL certificates provided by Alibaba Cloud are suitable for enterprise users.
In the SuiteCRM deployment, I also used Let’s Encrypt’s free SSL to secure the SuiteCRM web application. To generate the certificates with Certbot, which is a client application for the Let’s Encrypt CA, the domain needs to be pointed towards the server.
Alibaba Cloud provides domain names at very reasonable rates with free whois protection. In my case, my client already had the domain name purchased elsewhere. I created a subdomain and pointed the domain to the ECS instance. I installed Certbot and could easily generate the certificates. Never forget to set up a cron job to renew the certificates automatically as the certificates expire every three months.
Setting Up Direct Mail
Setting up an email server by yourself should be avoided, as creating an enterprise-grade web server requires expertise and time, and the cost to maintain it gets very high. A slight misconfiguration sends the email directly into the spam folder.
Alibaba Cloud’s Direct Mail service provides a cheaper way to send emails from the application using SMTP. It’s free for the first 200 emails every day. In my case, 200 emails per day are enough, and emails exceeding the free quota are also very cheap. I added a new email subdomain into Direct Mail. Upon adding the domain, I was asked to update the DNS. I did as instructed, and it took some time for the DNS to verify, as propagation takes time. Once done, I added the sender address and I had the SMTP server ready to be used with the application.
Web-Based Installation
Finally, I had everything ready. The SuiteCRM application is hosted on ECS, and the database server is hosted on ApsaraDB for RDS. I could easily go through the web-based installation to install the software.
Here’s the configuration I provided for the database server during the web-based installation of SuiteCRM.
Similarly, I filled in all the required information and provided the SMTP server details.
Finally, my application was successfully deployed on Alibaba Cloud. Further, I suggested that the client use ApsaraDB for Memcache to store the session cache of SuiteCRM and to use WAF to secure the application against incoming threats. However, the client didn’t want to implement the suggestions as they’d increase their monthly bill. However, the client was very happy to see the performance of the application on Alibaba Cloud’s platform.
I frequently write technical blogs on the Alibaba Cloud Tech Share platform. Go to the following link to find the tutorials written by me. I will also write a detailed guide to the steps and commands I followed to install SuiteCRM on Ubuntu 16.04 on the Alibaba Cloud Tech Share platform.
Frequently Asked Questions (FAQs) about Deploying a Web Application on Alibaba Cloud
What are the key benefits of deploying a web application on Alibaba Cloud?
Alibaba Cloud offers a robust and scalable platform for deploying web applications. It provides a wide range of services including computing, storage, database, and networking services that can be tailored to meet the specific needs of your application. Alibaba Cloud also offers high availability and reliability, with multiple data centers located around the world. This ensures that your application remains accessible and performs optimally, regardless of where your users are located. Additionally, Alibaba Cloud provides comprehensive security features to protect your application and data from threats.
How does Alibaba Cloud compare to other cloud service providers?
Alibaba Cloud is one of the leading cloud service providers in the world, offering a comprehensive suite of services that can support a wide range of applications. Compared to other providers, Alibaba Cloud offers competitive pricing, a strong presence in Asia, and a commitment to innovation. It also provides a user-friendly interface and extensive documentation, making it easier for developers to deploy and manage their applications.
What are the steps to deploy a web application on Alibaba Cloud?
Deploying a web application on Alibaba Cloud involves several steps. First, you need to create an account and set up your environment. This includes configuring your network and security settings. Next, you need to choose the appropriate services for your application. This could include a computing service like Elastic Compute Service (ECS), a database service like ApsaraDB, and a storage service like Object Storage Service (OSS). Once you have chosen your services, you can deploy your application using the Alibaba Cloud Management Console or the Alibaba Cloud CLI.
What are the best practices for deploying a web application on Alibaba Cloud?
Some best practices for deploying a web application on Alibaba Cloud include planning your architecture carefully, choosing the right services for your needs, and configuring your environment securely. It’s also important to monitor your application regularly to ensure it’s performing optimally and to identify any potential issues early.
How can I ensure the security of my web application on Alibaba Cloud?
Alibaba Cloud provides a range of security features to help protect your application. This includes network security features like Security Groups and Network Access Control Lists (NACLs), as well as data encryption and identity and access management features. It’s also important to follow best practices for application security, such as regularly updating your software and using secure coding practices.
Can I scale my web application on Alibaba Cloud?
Yes, Alibaba Cloud provides several services that can help you scale your application. This includes Auto Scaling, which automatically adjusts your computing resources based on demand, and Load Balancing, which distributes traffic across multiple instances to ensure optimal performance.
What support does Alibaba Cloud offer for deploying web applications?
Alibaba Cloud offers extensive documentation and tutorials to help you deploy your web application. They also provide a range of support options, including online forums, technical support, and professional services.
How can I optimize the performance of my web application on Alibaba Cloud?
There are several ways to optimize the performance of your application on Alibaba Cloud. This includes choosing the right instance type for your needs, optimizing your database performance, and using services like Content Delivery Network (CDN) to deliver your content more efficiently.
What are the costs associated with deploying a web application on Alibaba Cloud?
The costs of deploying a web application on Alibaba Cloud depend on the services you use and the amount of resources you consume. Alibaba Cloud offers a pay-as-you-go pricing model, which means you only pay for the resources you use.
Can I migrate my existing web application to Alibaba Cloud?
Yes, Alibaba Cloud provides several tools and services to help you migrate your existing application. This includes the Server Migration Center, which can help you migrate your servers and data, and the Application Migration Service, which can help you migrate your applications.